CISA Question #645: Real Exam Question with Answer & Explanation

The correct answer is D: Introduce escalation protocols.. Escalation protocols establish a clear chain of authority that dictates when and to whom decisions must be referred during an incident. If staff are making decisions beyond their authority, it signals that this chain is absent or unclear. Fallback options (A) address technical co

Submitted by zhang_li· Apr 18, 2026Information Systems Operations and Business Resilience

Question

During the review of a system disruption incident, an IS auditor notes that IT support staff were put in a position to make decisions beyond their level of authority. Which of the following is the BEST recommendation to help prevent this situation in the future?

Options

AImplement fallback options.
BEnable an emergency access ID.
CDevelop a competency matrix.
DIntroduce escalation protocols.

Explanation

Escalation protocols establish a clear chain of authority that dictates when and to whom decisions must be referred during an incident. If staff are making decisions beyond their authority, it signals that this chain is absent or unclear. Fallback options (A) address technical continuity, not decision authority. Emergency access IDs (B) are a technical control for access, not governance. A competency matrix (C) maps skills but does not establish who has the authority to make specific decisions during a crisis.

Topics

#Incident Management#Escalation Procedures#Roles and Responsibilities#Operational Efficiency

Community Discussion

No community discussion yet for this question.

Full CISA Practice Browse All CISA Questions